diff options
| author | Linux Build Service Account <lnxbuild@localhost> | 2016-12-26 08:58:24 -0800 |
|---|---|---|
| committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2016-12-26 08:58:23 -0800 |
| commit | bb7bd9fe3b65f1d340cf13a43b7c1ddb94895c1a (patch) | |
| tree | 68a5ce4e103f0ec8dc9bc867d83e80c42c263e70 | |
| parent | 2300bb89c0b3c9e79ebc298b4e8ca561ff2ab174 (diff) | |
| parent | f7ae4042cd2e1805a1e7afe317eb529c212ff486 (diff) | |
Merge "diag: dci: Fix possible dangling reference"
| -rw-r--r-- | drivers/char/diag/diag_dci.c | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/drivers/char/diag/diag_dci.c b/drivers/char/diag/diag_dci.c index 7af9d8184f97..f47b390375c4 100644 --- a/drivers/char/diag/diag_dci.c +++ b/drivers/char/diag/diag_dci.c @@ -771,6 +771,7 @@ static int diag_dci_remove_req_entry(unsigned char *buf, int len, if (*buf != 0x80) { list_del(&entry->track); kfree(entry); + entry = NULL; return 1; } @@ -788,6 +789,7 @@ static int diag_dci_remove_req_entry(unsigned char *buf, int len, if (delayed_rsp_id == 0) { list_del(&entry->track); kfree(entry); + entry = NULL; return 1; } @@ -801,6 +803,7 @@ static int diag_dci_remove_req_entry(unsigned char *buf, int len, if (rsp_count > 0 && rsp_count < 0x1000) { list_del(&entry->track); kfree(entry); + entry = NULL; return 1; } @@ -2682,10 +2685,12 @@ int diag_dci_init(void) err: pr_err("diag: Could not initialize diag DCI buffers"); kfree(driver->apps_dci_buf); + driver->apps_dci_buf = NULL; if (driver->diag_dci_wq) destroy_workqueue(driver->diag_dci_wq); kfree(partial_pkt.data); + partial_pkt.data = NULL; mutex_destroy(&driver->dci_mutex); mutex_destroy(&dci_log_mask_mutex); mutex_destroy(&dci_event_mask_mutex); @@ -2705,7 +2710,9 @@ void diag_dci_channel_init(void) void diag_dci_exit(void) { kfree(partial_pkt.data); + partial_pkt.data = NULL; kfree(driver->apps_dci_buf); + driver->apps_dci_buf = NULL; mutex_destroy(&driver->dci_mutex); mutex_destroy(&dci_log_mask_mutex); mutex_destroy(&dci_event_mask_mutex); @@ -2917,22 +2924,30 @@ fail_alloc: mutex_destroy(&proc_buf->health_mutex); if (proc_buf->buf_primary) { kfree(proc_buf->buf_primary->data); + proc_buf->buf_primary->data = NULL; mutex_destroy( &proc_buf->buf_primary->data_mutex); } kfree(proc_buf->buf_primary); + proc_buf->buf_primary = NULL; if (proc_buf->buf_cmd) { kfree(proc_buf->buf_cmd->data); + proc_buf->buf_cmd->data = NULL; mutex_destroy( &proc_buf->buf_cmd->data_mutex); } kfree(proc_buf->buf_cmd); + proc_buf->buf_cmd = NULL; } } kfree(new_entry->dci_event_mask); + new_entry->dci_event_mask = NULL; kfree(new_entry->dci_log_mask); + new_entry->dci_log_mask = NULL; kfree(new_entry->buffers); + new_entry->buffers = NULL; kfree(new_entry); + new_entry = NULL; } mutex_unlock(&driver->dci_mutex); return DIAG_DCI_NO_REG; @@ -2963,6 +2978,7 @@ int diag_dci_deinit_client(struct diag_dci_client_tbl *entry) * masks and send the masks to peripherals */ kfree(entry->dci_log_mask); + entry->dci_log_mask = NULL; diag_dci_invalidate_cumulative_log_mask(token); if (token == DCI_LOCAL_PROC) diag_update_userspace_clients(DCI_LOG_MASKS_TYPE); @@ -2971,6 +2987,7 @@ int diag_dci_deinit_client(struct diag_dci_client_tbl *entry) return ret; } kfree(entry->dci_event_mask); + entry->dci_event_mask = NULL; diag_dci_invalidate_cumulative_event_mask(token); if (token == DCI_LOCAL_PROC) diag_update_userspace_clients(DCI_EVENT_MASKS_TYPE); @@ -2986,6 +3003,7 @@ int diag_dci_deinit_client(struct diag_dci_client_tbl *entry) if (!list_empty(&req_entry->track)) list_del(&req_entry->track); kfree(req_entry); + req_entry = NULL; } } @@ -3001,6 +3019,7 @@ int diag_dci_deinit_client(struct diag_dci_client_tbl *entry) buf_entry->data = NULL; mutex_unlock(&buf_entry->data_mutex); kfree(buf_entry); + buf_entry = NULL; } else if (buf_entry->buf_type == DCI_BUF_CMD) { peripheral = buf_entry->data_source; if (peripheral == APPS_DATA) @@ -3027,14 +3046,17 @@ int diag_dci_deinit_client(struct diag_dci_client_tbl *entry) mutex_unlock(&buf_entry->data_mutex); mutex_destroy(&buf_entry->data_mutex); kfree(buf_entry); + buf_entry = NULL; } mutex_lock(&proc_buf->buf_primary->data_mutex); kfree(proc_buf->buf_primary->data); + proc_buf->buf_primary->data = NULL; mutex_unlock(&proc_buf->buf_primary->data_mutex); mutex_lock(&proc_buf->buf_cmd->data_mutex); kfree(proc_buf->buf_cmd->data); + proc_buf->buf_cmd->data = NULL; mutex_unlock(&proc_buf->buf_cmd->data_mutex); mutex_destroy(&proc_buf->health_mutex); @@ -3042,13 +3064,17 @@ int diag_dci_deinit_client(struct diag_dci_client_tbl *entry) mutex_destroy(&proc_buf->buf_cmd->data_mutex); kfree(proc_buf->buf_primary); + proc_buf->buf_primary = NULL; kfree(proc_buf->buf_cmd); + proc_buf->buf_cmd = NULL; mutex_unlock(&proc_buf->buf_mutex); } mutex_destroy(&entry->write_buf_mutex); kfree(entry->buffers); + entry->buffers = NULL; kfree(entry); + entry = NULL; if (driver->num_dci_client == 0) { diag_update_proc_vote(DIAG_PROC_DCI, VOTE_DOWN, token); |